The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes.....
3.8CVSS
4.3AI Score
0.0004EPSS
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation...
2.4CVSS
0.0004EPSS
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot...
5.2CVSS
7AI Score
0.0004EPSS
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes.....
3.8CVSS
7AI Score
0.0004EPSS
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the...
4.3CVSS
6.8AI Score
0.0004EPSS
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative...
4.3CVSS
6.8AI Score
0.0004EPSS
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation...
2.4CVSS
6.4AI Score
0.0004EPSS
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data...
3.5CVSS
6.5AI Score
0.0004EPSS
CVE-2023-29066 Incorrect User Management
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data...
3.2CVSS
4.2AI Score
0.0004EPSS
CVE-2023-29065 Overly Permissive Access Policy
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the...
4.1CVSS
4.9AI Score
0.0004EPSS
CVE-2023-29064 Hardcoded Secrets
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative...
4.1CVSS
5AI Score
0.0004EPSS
CVE-2023-29063 Lack of DMA Access Protections
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation...
2.4CVSS
3.7AI Score
0.0004EPSS
CVE-2023-29062 Unsecure Identity Verification
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes.....
3.8CVSS
4.6AI Score
0.0004EPSS
CVE-2023-29061 Lack of Adequate BIOS Authentication
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot...
5.2CVSS
5.5AI Score
0.0004EPSS
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate...
5.7CVSS
5.4AI Score
0.0004EPSS
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate...
5.7CVSS
0.0004EPSS
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate...
5.7CVSS
6.8AI Score
0.0004EPSS
CVE-2023-29060 Lack of USB Whitelisting
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate...
5.4CVSS
5.7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: FACSChorus Vulnerabilities: Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...
5.7CVSS
5.3AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...
8.8CVSS
9.3AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6515-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6515-1 advisory. On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images...
8.8CVSS
8.5AI Score
0.001EPSS
bd-journal.com Cross Site Scripting vulnerability OBB-3783901
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.3AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
(RHSA-2023:7177) Moderate: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7AI Score
0.001EPSS
Moderate: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7AI Score
0.001EPSS
Moderate: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7.5AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: libnbd-1.18.1-2.fc39
NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF=BF =BD is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: *...
5.3CVSS
5.4AI Score
0.001EPSS
Rocky Linux 8 : libdb (RLSA-2021:1675)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1675 advisory. Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to...
3.3CVSS
5.7AI Score
0.001EPSS
Fedora: Security Advisory for bind9-next (FEDORA-2023-1c069009b8)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for bind (FEDORA-2023-b4acb0f7c6)
The remote host is missing an update for...
7.5CVSS
8AI Score
0.002EPSS
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =EF=BF=BD=EF=BF=BD=EF=BF=BD Thread safety. =EF=BF=BD=EF=BF=BD=EF=BF=BD Connection pooling. =EF=BF=BD=EF=BF=BD=EF=BF=BD Client-side SSL/TLS...
8.1CVSS
7.2AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: bind9-next-9.19.17-1.fc39
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.2AI Score
[SECURITY] Fedora 39 Update: bind-9.18.19-1.fc39
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7.2AI Score
0.002EPSS
[SECURITY] Fedora 37 Update: python-urllib3-1.26.18-1.fc37
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =EF=BF=BD=EF=BF=BD=EF=BF=BD Thread safety. =EF=BF=BD=EF=BF=BD=EF=BF=BD Connection pooling. =EF=BF=BD=EF=BF=BD=EF=BF=BD Client-side SSL/TLS...
4.2CVSS
7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6468-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6468-1 advisory. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to...
9.8CVSS
8.6AI Score
0.001EPSS
Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...
9.8CVSS
9.4AI Score
0.001EPSS
Fedora: Security Advisory for bind9-next (FEDORA-2023-a48c162033)
The remote host is missing an update for...
7.5AI Score
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...
9.8CVSS
8.1AI Score
0.001EPSS
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...
7.3CVSS
10AI Score
0.001EPSS
A cascade of compromise: unveiling Lazarus’ new campaign
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What's remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor's systems continued to use the...
7.5AI Score
BD Alaris System with Guardrails Suite MX (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities: Insufficient Verification of Data Authenticity, Missing...
9.8CVSS
7.3AI Score
0.009EPSS
[SECURITY] Fedora 38 Update: bind9-next-9.19.17-1.fc38
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7AI Score
bd-journal.com Cross Site Scripting vulnerability OBB-3761419
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
[SECURITY] Fedora 38 Update: python-urllib3-1.26.18-1.fc38
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =EF=BF=BD=EF=BF=BD=EF=BF=BD Thread safety. =EF=BF=BD=EF=BF=BD=EF=BF=BD Connection pooling. =EF=BF=BD=EF=BF=BD=EF=BF=BD Client-side SSL/TLS...
4.2CVSS
7AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-4150-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4150-1 advisory. Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This...
8.8CVSS
8.5AI Score
0.009EPSS
Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4202-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4202-1 advisory. A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature,...
8.8CVSS
9.3AI Score
0.015EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Berkeley DB vulnerability (USN-4004-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4004-1 advisory. SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables....
9.8CVSS
9AI Score
0.008EPSS
(RHSA-2023:5771) Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.6AI Score
0.002EPSS